package com.ibm.ws.webservices.wssecurity.token;

import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSPrincipal;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.webservices.engine.MessageContext;
import com.ibm.ws.webservices.wssecurity.core.WSSecurityPlatformContextFactory;
import com.ibm.ws.webservices.wssecurity.util.ConfigConstants;
import com.ibm.wsspi.webservices.rpc.handler.soap.SOAPMessageContext;
import com.ibm.wsspi.wssecurity.Constants;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.Token;
import com.ibm.wsspi.wssecurity.auth.token.TokenId;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/webservices/wssecurity/token/TokenManager.class */
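/**
 * Static helpers that keep WS-Security {@link Token}s in the private credentials of the
 * {@link Subject} stored in a context map under {@code Constants.WSSECURITY_SUBJECT}, and
 * that track {@link TokenId}s in a table held on the current thread's {@link MessageContext}.
 *
 * <p>Every read or write of the Subject's private credentials is wrapped in
 * {@code AccessController.doPrivileged} (the {@code com.ibm.ws.security.util} variant).
 *
 * <p>NOTE(review): presumably the privileged block makes the credential permission check
 * succeed on behalf of this class rather than of its caller. If so, any code able to call
 * these public static methods with a context map can read, add or remove the tokens held
 * there, so the map must only be handed to trusted code. Confirm against the security policy.
 *
 * <p>NOTE(review): several entry/exit traces concatenate {@code Token} objects and token
 * collections into the trace message. Whether that writes credential material to the trace
 * log depends on each token's {@code toString()}; verify before enabling entry tracing on a
 * production system.
 */
public class TokenManager {
    private static final String TOKENID_TABLE = "com.ibm.websphere.wssecurity.tokenIdTable";
    private static final TraceComponent tc = Tr.register(TokenManager.class, ConfigConstants.TR_GROUP, ConfigConstants.TR_NLSPROPS);
    private static final String comp = "security.wssecurity";

    /**
     * Ensures the context map holds a {@link Subject} under {@code Constants.WSSECURITY_SUBJECT}.
     * A missing entry, or an entry of any other type, is replaced by a new empty Subject.
     *
     * @param map the message context map; must not be null
     * @throws SoapSecurityException declared for callers; not thrown by the visible code
     */
    public static void initializeSubject(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeSubject(Map context)");
        }
        // instanceof is false for null, so this covers both "absent" and "wrong type".
        if (!(map.get(Constants.WSSECURITY_SUBJECT) instanceof Subject)) {
            map.put(Constants.WSSECURITY_SUBJECT, new Subject());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initializeSubject(Map context)");
        }
    }

    /**
     * On a server, saves the thread's current caller and invocation subjects as properties of
     * the SOAP message context and then installs the context map's Subject as both the caller
     * and the invocation subject. Does nothing except tracing when not running on a server.
     *
     * <p>NOTE(review): the four steps are not atomic. If {@code setCallerSubject} succeeds and
     * {@code setInvocationSubject} throws, the caller subject stays replaced and nothing in
     * this method rolls it back; the caller of this method has to restore the saved subjects.
     *
     * <p>NOTE(review): the Subject read from the map is installed even when it is null (the
     * debug trace reports "null"). Confirm that a null caller/invocation subject is the
     * intended unauthenticated state for the ContextManager in use.
     *
     * @param map the message context map holding the SOAP message context and the Subject
     * @throws SoapSecurityException if no ContextManager is available or any of the four
     *     ContextManager calls fails (message keys finalizeSubject01..05)
     */
    public static void finalizeSubject(Map map) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "finalizeSubject(Map context)");
        }
        if (WSSecurityPlatformContextFactory.getInstance().isServer()) {
            SOAPMessageContext sOAPMessageContext = (SOAPMessageContext) map.get(Constants.WSSECURITY_MESSAGE_CONTEXT);
            Subject subject = (Subject) map.get(Constants.WSSECURITY_SUBJECT);
            ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
            if (contextManagerFactory == null) {
                throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject01");
            }
            // The try blocks are kept nested exactly as found: each catch maps the failure of
            // one ContextManager call to its own message key.
            try {
                // Step 1: remember (or clear) the previous caller subject on the message context.
                Subject callerSubject = contextManagerFactory.getCallerSubject();
                if (callerSubject == null) {
                    sOAPMessageContext.removeProperty(com.ibm.ws.webservices.wssecurity.Constants.CALLER_SUBJECT);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The caller subject is null.");
                    }
                } else {
                    sOAPMessageContext.setProperty(com.ibm.ws.webservices.wssecurity.Constants.CALLER_SUBJECT, callerSubject);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Stored the caller subject.");
                    }
                }
                try {
                    // Step 2: remember (or clear) the previous invocation subject.
                    Subject invocationSubject = contextManagerFactory.getInvocationSubject();
                    if (invocationSubject == null) {
                        sOAPMessageContext.removeProperty(com.ibm.ws.webservices.wssecurity.Constants.INVOCATION_SUBJECT);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The invocation subject is null.");
                        }
                    } else {
                        sOAPMessageContext.setProperty(com.ibm.ws.webservices.wssecurity.Constants.INVOCATION_SUBJECT, invocationSubject);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Stored the invocation subject.");
                        }
                    }
                    try {
                        // Step 3: install the WS-Security subject as the caller subject.
                        // The trace records only null / not null, never the subject's contents.
                        contextManagerFactory.setCallerSubject(subject);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Replaced the caller subject [" + (subject == null ? "null" : "not null") + "]");
                        }
                        try {
                            // Step 4: install the same subject as the invocation subject.
                            contextManagerFactory.setInvocationSubject(subject);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Replaced the invocation subject [" + (subject == null ? "null" : "not null") + "]");
                            }
                        } catch (WSSecurityException e) {
                            throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject05", e);
                        }
                    } catch (WSSecurityException e2) {
                        throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject04", e2);
                    }
                } catch (WSSecurityException e3) {
                    throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject03", e3);
                }
            } catch (WSSecurityException e4) {
                throw SoapSecurityException.format("security.wssecurity.TokenManager.finalizeSubject02", e4);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "finalizeSubject(Map context)");
        }
    }

    /**
     * Adds a token to the private credentials of the Subject held in the context map.
     * When the map holds no Subject an error is traced and the token is not stored.
     *
     * @param map the message context map
     * @param token the token to add
     */
    public static void setToken(final Map map, final Token token) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setToken(Map context,Token token[" + token + "])");
        }
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                Subject subject = subjectOrLogError(map);
                if (subject != null) {
                    subject.getPrivateCredentials().add(token);
                }
                return null;
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setToken(Map context,Token token)");
        }
    }

    /**
     * Finds the token with the given id that was consumed by the given token consumer.
     * An exact match on the consumer configuration is tried first; if none is found, the
     * first token with that id whose consumer configuration has the same class is returned.
     *
     * <p>NOTE(review): the fallback compares only the configuration's class, so a token
     * consumed under a different configuration of the same class is accepted as a match.
     * Unlike {@link #getToken(Map, String)}, this lookup does not check
     * {@code Token.getError()}. Callers that make a trust decision on the result should
     * confirm both behaviours are intended.
     *
     * @param map the message context map
     * @param tokenConsumerConfig the consumer configuration to match; null yields null
     * @param str the token id to look for
     * @return the matching token, or null when there is none or the map holds no Subject
     */
    public static Token getToken(Map map, TokenConsumerConfig tokenConsumerConfig, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getToken(Map context,TokenConsumerConfig tconfig[" + tokenConsumerConfig + "],String id[" + str + "])");
        }
        Token match = null;
        if (tokenConsumerConfig != null) {
            // A missing Subject used to cause a NullPointerException here; it now yields no match.
            Set<Token> tokens = tokensOrEmpty(map);
            for (Token candidate : tokens) {
                String id = candidate.getId();
                if (id != null && id.equals(str) && tokenConsumerConfig.equals(candidate.getUsedTokenConsumer())) {
                    match = candidate;
                    break;
                }
            }
            if (match == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Did not find exact token match with token consumer; try matching consumer class.");
                }
                Class<?> wantedClass = tokenConsumerConfig.getClass();
                for (Token candidate : tokens) {
                    String id = candidate.getId();
                    if (id == null || !id.equals(str)) {
                        continue;
                    }
                    Object usedConsumer = candidate.getUsedTokenConsumer();
                    if (usedConsumer != null && wantedClass.equals(usedConsumer.getClass())) {
                        match = candidate;
                        break;
                    }
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Since TokenConsumerConfig is null, the runtime can't identify a token.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getToken(Map context,TokenConsumerConfig tconfig,String id) returns Token[" + match + "]");
        }
        return match;
    }

    /**
     * Looks up a token by the id carried in a {@link TokenId}.
     *
     * @param map the message context map
     * @param tokenId the token id holder; null yields null
     * @return the result of {@link #getToken(Map, String)} for {@code tokenId.getId()}
     */
    public static Token getToken(Map map, TokenId tokenId) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getToken(Map context,TokenId tokenId[" + tokenId + "])");
        }
        Token token = tokenId == null ? null : getToken(map, tokenId.getId());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getToken(Map context,TokenId tokenId) returns Token[" + token + "]");
        }
        return token;
    }

    /**
     * Returns the first token with the given id whose {@code getError()} is null.
     *
     * @param map the message context map
     * @param str the token id; null yields null
     * @return the matching token, or null when there is none or the map holds no Subject
     */
    public static Token getToken(Map map, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getToken(Map context,String id[" + str + "])");
        }
        Token match = null;
        if (str != null) {
            for (Token candidate : tokensOrEmpty(map)) {
                // Tokens that recorded an error are never returned by this lookup.
                if (str.equals(candidate.getId()) && candidate.getError() == null) {
                    match = candidate;
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // The exit trace previously named the TokenId overload; it now names this method.
            Tr.exit(tc, "getToken(Map context,String id) returns Token[" + match + "]");
        }
        return match;
    }

    /**
     * Returns the first token for which {@code isProcessed()} is false.
     *
     * @param map the message context map
     * @return an unprocessed token, or null when there is none or the map holds no Subject
     */
    public static Token getUnprocessedToken(Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUnprocessedToken(Map context");
        }
        Token pending = null;
        for (Token candidate : tokensOrEmpty(map)) {
            if (!candidate.isProcessed()) {
                pending = candidate;
                break;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUnprocessedToken(Map context) returns Token[" + (pending == null ? "null" : pending.getClass().getName() + ":" + pending.getUniqueID()) + "]");
        }
        return pending;
    }

    /**
     * Adds every element of the collection to the private credentials of the Subject held in
     * the context map. When the map holds no Subject an error is traced and nothing is stored.
     *
     * @param map the message context map
     * @param collection the tokens to add
     */
    public static void setTokens(final Map map, final Collection collection) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setTokens(Map context,Collection tokens[" + collection + "])");
        }
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                Subject subject = subjectOrLogError(map);
                if (subject != null) {
                    subject.getPrivateCredentials().addAll(collection);
                }
                return null;
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setTokens(Map context,Collection tokens)");
        }
    }

    /**
     * Returns the {@link Token} instances held in the private credentials of the Subject
     * stored in the context map.
     *
     * @param map the message context map
     * @return the set of tokens, or null (after tracing an error) when the map holds no Subject
     */
    public static Set getTokens(final Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokens(Map context)");
        }
        Set tokens = (Set) AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                Subject subject = subjectOrLogError(map);
                return subject == null ? null : subject.getPrivateCredentials(Token.class);
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTokens(context) returns Set[" + tokens + "]");
        }
        return tokens;
    }

    /**
     * Returns every token whose id equals the given id.
     *
     * @param map the message context map
     * @param str the token id to match
     * @return a new set of matching tokens; empty when nothing matches or the map holds no Subject
     */
    public static Set getTokens(Map map, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokens(Map context,String id[" + str + "])");
        }
        Set<Token> matches = new HashSet<Token>();
        for (Token candidate : tokensOrEmpty(map)) {
            String id = candidate.getId();
            if (id != null && id.equals(str)) {
                matches.add(candidate);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTokens(Map context,String id) returns Set[" + matches + "]");
        }
        return matches;
    }

    /**
     * Removes one token from the private credentials of the Subject held in the context map.
     * When the map holds no Subject an error is traced and nothing is removed.
     *
     * @param map the message context map
     * @param token the token to remove
     */
    public static void removeToken(final Map map, final Token token) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeToken(Map context,Token token[" + token + "])");
        }
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                Subject subject = subjectOrLogError(map);
                if (subject != null) {
                    subject.getPrivateCredentials().remove(token);
                }
                return null;
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeToken(Map context,Token token)");
        }
    }

    /**
     * Removes the given objects from the private credentials of the Subject held in the
     * context map. When the map holds no Subject an error is traced and nothing is removed.
     *
     * <p>NOTE(review): the removal is applied to the whole private credential set, so
     * elements of {@code set} that are not tokens would be removed as well.
     *
     * @param map the message context map
     * @param set the credentials to remove
     */
    public static void removeTokens(final Map map, final Set set) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeTokens(Map context,Set tokens[" + set + "])");
        }
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                Subject subject = subjectOrLogError(map);
                if (subject != null) {
                    subject.getPrivateCredentials().removeAll(set);
                }
                return null;
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeTokens(Map context,Set tokens)");
        }
    }

    /**
     * Removes every {@link Token} from the private credentials of the Subject held in the
     * context map; other private credentials are left in place. When the map holds no
     * Subject an error is traced and nothing is removed.
     *
     * @param map the message context map
     */
    public static void removeAllTokens(final Map map) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeAllTokens(Map context)");
        }
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                // The null check now precedes the first use of the Subject; it used to follow
                // it, so a missing Subject raised a NullPointerException instead of the error.
                Subject subject = subjectOrLogError(map);
                if (subject != null) {
                    Set tokens = subject.getPrivateCredentials(Token.class);
                    subject.getPrivateCredentials().removeAll(tokens);
                }
                return null;
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeAllTokens(Map context)");
        }
    }

    /**
     * Records a {@link TokenId} in the token-id table of the current thread's message
     * context, keyed by {@code tokenId.getId()}. The table is created on first use.
     *
     * @param tokenId the token id to record; must not be null and must have a non-null id
     *     ({@code Hashtable} rejects null keys)
     */
    public static void setTokenId(TokenId tokenId) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setTokenId(Tokenid tokenId[" + tokenId + "])");
        }
        currentTokenIdTable().put(tokenId.getId(), tokenId);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setTokenId(TokenId tokenId)");
        }
    }

    /**
     * Returns the token-id table of the current thread's message context, creating it when
     * it does not exist yet.
     *
     * @return the table; previously null was returned on the call that created the table
     */
    public static Hashtable getTokenIdsTable() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTokenIdsTable()");
        }
        Hashtable table = currentTokenIdTable();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTokenIdsTable() returns Hashtable[" + table + "]");
        }
        return table;
    }

    /**
     * Stores a new empty token-id table on the message context unless a non-null one is
     * already present.
     *
     * @param sOAPMessageContext the message context to initialise
     */
    private static void initTokenIdTable(SOAPMessageContext sOAPMessageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initTokenIdTable(SOAPMessageContext mcontext)");
        }
        if (!sOAPMessageContext.containsProperty(TOKENID_TABLE) || sOAPMessageContext.getProperty(TOKENID_TABLE) == null) {
            sOAPMessageContext.setProperty(TOKENID_TABLE, new Hashtable());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initTokenIdTable(SOAPMessageContext mcontext)");
        }
    }

    /**
     * Returns the name of the first {@link WSPrincipal} of the current invocation subject.
     *
     * <p>NOTE(review): the principals come from a {@code Set}; if a subject can carry more
     * than one WSPrincipal, which one is "first" is not defined by the visible code.
     *
     * @param z when true the principal name is returned as is; when false it is passed
     *     through {@code RealmSecurityName.getSecurityName} first
     * @return the identity, or null when no ContextManager, invocation subject or
     *     WSPrincipal is available (an error is traced for the first two cases)
     */
    public static String getRunAsIdentity(final boolean z) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRunAsIdentity(boolean sendRealm[" + z + "])");
        }
        String identity = (String) AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                ContextManager contextManager = ContextManagerFactory.getInstance();
                if (contextManager == null) {
                    Tr.error(TokenManager.tc, "security.wssecurity.TokenManager.finalizeSubject01");
                    // Stop here: the original went on to dereference the null manager.
                    return null;
                }
                Subject subject = null;
                try {
                    subject = contextManager.getInvocationSubject();
                    if (subject == null) {
                        Tr.error(TokenManager.tc, "security.wssecurity.TokenManager.finalizeSubject03");
                    }
                } catch (WSSecurityException e) {
                    Tr.error(TokenManager.tc, "security.wssecurity.TokenManager.finalizeSubject03", new Object[]{e});
                }
                if (subject == null) {
                    return null;
                }
                Set principals = subject.getPrincipals(WSPrincipal.class);
                if (principals == null) {
                    return null;
                }
                Iterator it = principals.iterator();
                if (!it.hasNext()) {
                    return null;
                }
                WSPrincipal principal = (WSPrincipal) it.next();
                return z ? principal.getName() : RealmSecurityName.getSecurityName(principal.getName());
            }
        });
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRunAsIdentity(boolean sendRealm) returns String[" + identity + "]");
        }
        return identity;
    }

    /** Reads the Subject from the context map and traces the subjectIsNull error when it is absent. */
    private static Subject subjectOrLogError(Map map) {
        Subject subject = (Subject) map.get(Constants.WSSECURITY_SUBJECT);
        if (subject == null) {
            Tr.error(tc, "security.wssecurity.TokenManager.subjectIsNull");
        }
        return subject;
    }

    /** Returns {@link #getTokens(Map)}, substituting an empty set when it reports no Subject. */
    @SuppressWarnings("unchecked")
    private static Set<Token> tokensOrEmpty(Map map) {
        Set<Token> tokens = getTokens(map);
        return tokens != null ? tokens : new HashSet<Token>();
    }

    /** Returns the current thread's token-id table, creating and re-reading it when absent. */
    private static Hashtable currentTokenIdTable() {
        MessageContext currentThreadsContext = MessageContext.getCurrentThreadsContext();
        Hashtable table = (Hashtable) currentThreadsContext.getProperty(TOKENID_TABLE);
        if (table == null) {
            initTokenIdTable(currentThreadsContext);
            // Re-read after creation; the stale null reference used to be used or returned.
            table = (Hashtable) currentThreadsContext.getProperty(TOKENID_TABLE);
        }
        return table;
    }
}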
